Re: massive data theft at MasterCard processor

2005-06-25 Thread J
On 6/21/05, Florian Weimer wrote: Also there are several attacks on Chip n' PIN as deployed here in the UK, starting with the fake reader attacks - for instance, a fake reader says you are authorising a payment for $6.99 while in fact the card and PIN are being used to

Re: massive data theft at MasterCard processor

2005-06-24 Thread Anne Lynn Wheeler
James A. Donald wrote: Rather the server should send out some encrypted random data which the end user decrypts. End user should then prove knowledge of that encrypted data. so the random data is sent encrypted with the person's public key ... they can decrypt it with their private key. so

Re: massive data theft at MasterCard processor

2005-06-24 Thread Anne Lynn Wheeler
Charles M. Hannum wrote: As long as the credit card has no display, you're still trusting the terminal to give the purchaser correct information. If you're using a smart credit card that participates directly in the transaction, storing transaction data, signed by the processor's system,

Re: massive data theft at MasterCard processor

2005-06-23 Thread James A. Donald
-- On 22 Jun 2005 at 8:39, Anne Lynn Wheeler wrote: the dual-use attack ... is possibly a person-centric digitally signing token (in contrast to institutional-centric token where each institution might issue a unique token for every use) ... that can be registered for use in multiple

Re: massive data theft at MasterCard processor

2005-06-21 Thread Florian Weimer
* Peter Fairbrother: No, it isn't! A handwritten signature is far better, it gives post-facto evidence about who authorised the transaction - it is hard to fake a signature so well that later analysis can't detect the forgery, Apparently, handwritten signatures can be repudiated, at least

Re: massive data theft at MasterCard processor

2005-06-21 Thread Anne Lynn Wheeler
Peter Fairbrother wrote: Also there are several attacks on Chip n' PIN as deployed here in the UK, starting with the fake reader attacks - for instance, a fake reader says you are authorising a payment for $6.99 while in fact the card and PIN are being used to authorise a transaction for

Re: massive data theft at MasterCard processor

2005-06-21 Thread Peter Gutmann
Peter Fairbrother writes: Steven M. Bellovin wrote: Designing a system that deflects this sort of attack is challenging. The right answer is smart cards that can digitally sign transactions No, it isn't! A handwritten signature is far better, it gives post-facto evidence about

massive data theft at MasterCard processor

2005-06-20 Thread Steven M. Bellovin
MasterCard reported the exposure of up to 40,000,000 credit card numbers at CardSystems Solutions, a third-party processor of credit card data. CardSystems was infected with a script that targeted specific data. In other words, this wasn't the usual carelessness, this was enemy action, and

Re: massive data theft at MasterCard processor

2005-06-20 Thread Ka-Ping Yee
On Fri, 17 Jun 2005, Steven M. Bellovin wrote: Designing a system that deflects this sort of attack is challenging. The right answer is smart cards that can digitally sign transactions, but that would require rolling out new readers to all the merchants. I was amazed to hear of the UK's fast

Re: massive data theft at MasterCard processor

2005-06-20 Thread Peter Fairbrother
Steven M. Bellovin wrote: Designing a system that deflects this sort of attack is challenging. The right answer is smart cards that can digitally sign transactions No, it isn't! A handwritten signature is far better, it gives post-facto evidence about who authorised the transaction - it is

Re: massive data theft at MasterCard processor

2005-06-20 Thread Anne Lynn Wheeler
Steven M. Bellovin wrote: MasterCard reported the exposure of up to 40,000,000 credit card numbers at CardSystems Solutions, a third-party processor of credit card data. CardSystems was infected with a script that targeted specific data. In other words, this wasn't the usual carelessness,